Category: Cisco switching

Overview

The 802.1Q tunnneling technology also known as Q-in-Q is an extension to the well known 802.1Q standard which allows service providers to transport customers VLANs by simply adding another layer of IEEE 802.1Q tag to the original 802.1Q tagged packets that enter the ISP network. Customer VLAN IDs are preserved and traffic from different customers is segregated within the service-provider infrastructure even when they appear to be on the same VLAN. The primary benefit for the service provider is reduced number of VLANs supported for the same number of customers. By using 802.1Q tunneling the layer 2 domain of a customer can be extended across multiple sites. A Q-in-Q frame can be identified by the Ethertype field 0x8100 in the Ethernet header and it’s called a double-tagged frame. One outer ISP VLAN tag can carry 4096 customer VLAN tags and this brings the total number of available VLANs to approximately 16.8 million.

Overview

Private VLANs are used to provide layer 2 isolation between members of the same broadcast domain. Private VLANs are documented in RFC 5517. In a standard VLAN environment traffic between members of the same VLAN can flow without restrictions. We can think of private VLANs like a segmentation of a normal VLAN in multiple subdomains. This feature is available only on layer 3 Catalyst 3560s and higher switches. Private VLANs can be used to address two issues found in service provider networks. First using normal VLANs an ISP must assign one VLAN per customer and thus a scalability problem would arise if the ISP needs to support more than 4094 clients which is the maximum number of supported VLANs by a device. Secondly when using IP routing each VLAN requires a separate subnet, which can lead to IP address management problems by wasting unused IP addresses.

Overview

A VLAN (Virtual LAN)is a term derived from LAN (Local area network) and represents a logical grouping of hosts with the same set of requirements. All host in a VLAN communicate as if they were attached to the same broadcast domain, regardless of their physical location. By grouping several switch ports in different VLANs we are creating separate logical broadcast domains. All member ports of the same VLAN can communicate between them without using any Layer 3 routing. In order to allow communication between different VLANs we must use a layer 3 device like a router or we can use SVIs (Switched virtual interfaces). Using VLANs can provide the following benefits: